In the claims

Please amend the claims to read as provided below. 
1. (Currently Amended) A system that provides for remote password
authentication, comprising:
a client;

a plurality of authentication servers;

a network interconnecting the client and the plurality of
authentication servers; and

a memory, coupled to the client, the memory maintaining instructions that
when executed by the client, cause the client to receive a password, transmit
a unique random value y_i to each of the servers, derive a group element (P)
from the password, send a blinded password value (P^x) to the servers, receive
blinded key shares (P^(xy_i)) from the servers, unblind and combine the blinded
key shares to create a master key (K_m), and decrypt encrypted private data
using the master key (K_m).

2. (Currently Amended) The system recited in Claim 1 wherein the
instructions further cause the client to validate the master key (K_m).

3. (Currently Amended) The system recited in Claim 1 wherein the
instructions further cause the client to decrypt encrypted private data using
the validated master key (K_m).

4. (Currently Amended) The system recited in Claim 2 wherein the
instructions further cause the client to decrypt encrypted private data using
the validated master key (K_m).

5. (Currently Amended) The system recited in Claim 2 wherein the
instructions further cause the client to send proof of the validated master
key (K_m) and each blinded password value (P^x) to the servers.

6. (Currently Amended) A method that provides for remote password
authentication using a system including a client computer, a plurality
of authentication servers, and a network interconnecting the client and
the plurality of authentication servers, the method comprising the steps of:

receiving a password;
deriving group elements (P) from the password;
sending a blinded password value (P^x) to the servers;
receiving blinded key shares (P^(xy_i)) from the servers;
unblinding and combining the blinded key shares to create a master key
(K_m); and

decrypting encrypted private data using the master key (K_m).

7. (Original) The method recited in Claim 6 further comprising the step of
validating the master key (K_m).

8. (Currently Amended) The method recited in Claim 6 further comprising
the step of decrypting encrypted private data using the master key (K_m).

9. (Original) The method recited in Claim 7 further comprising the step of
decrypting encrypted private data using the validated master key (K_m).

10. (Original) The method recited in Claim 7 further comprising the step
of sending proof of the validated master key (K_m) and each blinded password
value (P^x) to the servers.

11. (Currently Amended) A computer program embodied on a computer-readable
medium for enabling remote password authentication in a multiple-server
system including a client computer, a plurality of authentication servers,
and a network interconnecting the client and the plurality of authentication
servers, the computer program comprising:

a code segment that enters a password;

a data storage area that contains a unique random value y_i on each of the
servers,

a code segment that derives a group element (P) from the password;

a code segment that sends blinded password value (P^x) to the servers;

a code segment that provided for receiving blinded key shares (P^(xy_i))
from the servers;

a code segment that unblinds and combines the shares to create a master
key (K_m); and

a code segment that decrypts encrypted private data on the client computer
using the master key (K_m).

12. (Original) The computer program recited in Claim 11 further
comprising a code segment that validates the master key (K_m).

13. (Original) The computer program recited in Claim 11 further
comprising a code segment that decrypts encrypted private data using the master
key (K_m).

14. The computer program recited in Claim 12 further comprising a code
segment that decrypts encrypted private data using the validated master key (K_m).

15. (Original) The computer program recited in Claim 12 further
comprising a code segment that sends proof of the validated master key (K_m) and
the blinded password value (P^x) to the servers.

16. (Currently Amended) The system recited in Claim 1 wherein the
authentication servers include a memory for maintaining instructions which,
when executed by the authentication servers, cause the authentication
servers to:

maintain a count of bad login attempts, the number of recent
amplifications, a list of recent P^x password amplification request values,
and a list of timestamps associated with the list of recent password
amplification request values on the server,

receives a blinded password (P^x) request
records the blinded password in a short-term list

checks a user account to see if it is locked;

creates a blinded key share (P^(xy_i)) in response to the blinded password
request; and

sends the blinded key share to the client computer if it is unlocked.

17. (Currently Amended) The system recited in Claim 16 wherein the
instructions further cause the authentication servers to:

records a timestamp value to note the time that the request was received;
periodically checks for stale requests which are determined when the
difference between any timestamp value and the current time becomes greater
than a specific period of time;
deletes corresponding password amplification request values and
timestamps; and

increments the count of bad attempts.


18. (Currently Amended) The system recited in Claim 16 wherein, when a
successful login occurs, the instructions further cause the authentication
servers to:

send a value of Q_A, equal to the password raised to a random power,
along with any prior values for Q_A from earlier runs in the same login
session, to each server in an encrypted message; and

authenticate the encrypted message using the master key K_m.

19. (Currently Amended) The method recited in Claim 6 further
comprising the steps of:

maintaining a count of bad login attempts, the number of recent
amplifications, a list of recent P^x password amplification request values,
and a list of timestamps associated with the list of recent password
amplification request values on the server;

receiving a blinded password (P^x) request

recording the blinded password in a short-term list

checking a user account to see if it is locked;

creating a blinded key share (P^(xy_i)) in response to the blinded password
request; and

sending the blinded key share to the client if it is unlocked.

20. (Currently Amended) The method recited in Claim 19 further comprising
the steps of:

recording a timestamp value to note the time that the request was
received;

periodically checking for stale requests which are determined when
the difference between any timestamp value and the current time becomes greater
than a specific period of time;

checking corresponding password amplification request values and
timestamps; and

incrementing the count of bad attempts.

21. (Currently Amended) The method recited in Claim 19 further comprising the
steps of:

sending the value of Q_A, equal to the password raised to a random power, along
with any prior values for Q_A from earlier runs in the same login session, to each server in
an encrypted message; and

authenticating the encrypted message using the master key K_m.

22. (Currently Amended) The computer program recited in Claim 11 further
comprising a code segment that:

maintains a count of bad login attempts, the number of recent amplifications, a list
of recent P^x password amplification request values, and a list of timestamps associated
with the list of recent password amplification request values on the server,

receives a blinded password (P^x) request

records the blinded password in a short-term suspect list

checks a user account to see if such account is locked;

creates a blinded key share (P^(xy_i)) if the user account is unlocked; and
sends the blinded key share to the client computer.

23. (Original) The computer program recited in Claim 22 further comprising a
code segment that:

records a timestamp value to note the time that the request was received;

periodically checks for stale requests which are determined when the difference
between any timestamp value and the current time becomes greater than a specific period
of time;

deletes corresponding password amplification request values and timestamps; and
increments the count of bad attempts.

24. (Original) The computer program recited in Claim 22 further comprising a
code segment that:
sends the value of Q_A, equal to the password raised to a random power, along with
any prior values for Q_A from earlier runs in the same login session, to each server in an
encrypted message; and

authenticates this message using the master key K_m.
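
The client-side flow recited in Claims 1, 6 and 11, sketched as an added Python example (not code from the application). The toy group (p = 2039, q = 1019), the SHA-256 mapping from password to P, the SHA-256 combination of the unblinded shares into K_m, and the sample y_i values are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy safe prime p = 2q + 1, constructed for readability; far too small for real use.
P_MOD, Q_ORD = 2039, 1019

def derive_element(password: str) -> int:
    """Derive group element P (assumed mapping): hash the password into
    [2, p-2], then square so P lies in the order-q subgroup and is never 1."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h % (P_MOD - 3) + 2, 2, P_MOD)

def blind(P: int):
    """Pick a random blinding exponent x and return (x, P^x)."""
    x = secrets.randbelow(Q_ORD - 2) + 2          # x in [2, q-1]
    return x, pow(P, x, P_MOD)

def server_share(y_i: int, blinded: int) -> int:
    """Server i raises what it received to its secret y_i: (P^x)^y_i.
    It sees only P^x, never P or the password."""
    return pow(blinded, y_i, P_MOD)

def unblind_and_combine(x: int, shares) -> bytes:
    """Remove x from each share with exponent 1/x mod q, giving P^y_i,
    then hash the unblinded shares together into K_m (assumed combiner)."""
    x_inv = pow(x, -1, Q_ORD)
    h = hashlib.sha256()
    for s in shares:
        h.update(pow(s, x_inv, P_MOD).to_bytes(2, "big"))
    return h.digest()

def amplify(password: str, server_secrets) -> bytes:
    """Full client run: derive P, blind, collect shares, unblind, combine."""
    P = derive_element(password)
    x, blinded = blind(P)
    shares = [server_share(y, blinded) for y in server_secrets]
    return unblind_and_combine(x, shares)

SERVER_SECRETS = [417, 88, 903]   # constructed y_i values, one per server
```

Because x is fresh on every run, the servers receive a different P^x each time, yet the same password always yields the same K_m.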
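
The server-side bookkeeping recited in Claims 16-17, 19-20 and 22-23, as an added Python example (not code from the application). The 30-second staleness window, the lockout threshold, the `make_share` callback and the rule that a verified proof of K_m (Claim 5) clears a pending request are assumptions; the claims give no values for them.

```python
import time

STALE_AFTER = 30.0   # assumed "specific period of time", in seconds
LOCK_AT = 5          # assumed lockout threshold; not stated in the claims

class AmplificationGuard:
    """Per-account state kept by one authentication server."""

    def __init__(self):
        self.bad_attempts = 0
        self.pending = {}    # recent P^x request value -> timestamp received

    def locked(self) -> bool:
        return self.bad_attempts >= LOCK_AT

    def on_request(self, blinded: int, make_share, now=None):
        """Record the request and its timestamp, then return a blinded key
        share only if the account is unlocked (None means no share sent)."""
        now = time.time() if now is None else now
        self.expire_stale(now)
        self.pending[blinded] = now
        return None if self.locked() else make_share(blinded)

    def on_proof(self, blinded: int) -> bool:
        """Called after the caller has verified proof of K_m for this P^x;
        the matching pending entry is cleared so it never goes stale."""
        return self.pending.pop(blinded, None) is not None

    def expire_stale(self, now=None) -> int:
        """Delete requests older than the window that were never followed by
        proof, and count each one as a bad attempt."""
        now = time.time() if now is None else now
        stale = [b for b, t in self.pending.items() if now - t > STALE_AFTER]
        for b in stale:
            del self.pending[b]
        self.bad_attempts += len(stale)
        return len(stale)
```

The number of recent amplifications from the claims corresponds to `len(guard.pending)` here.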